Securing U.S. Elections Against Cyber Threats

Considerations for Supply Chain Risk Management

by Quentin E. Hodgson, Marygail K. Brauner, Edward W. Chan

Download eBook for Free

FormatFile SizeNotes
PDF file 0.5 MB

Use Adobe Acrobat Reader version 10 or higher for the best experience.

The cybersecurity of election systems has long been a central focus of election officials and the federal government, starting with the passage of the Help America Vote Act in 2002 and, more recently, in 2017 with the designation of elections as a critical infrastructure subsector. Federal partners in the Cybersecurity and Infrastructure Security Agency, the U.S. Election Assistance Commission, and the National Institute of Standards and Technology are supporting the election community, including election officials and vendors, to improve cybersecurity. More recently, this focus has expanded to concerns about the supply chain of components that are integral to election system equipment. This concern for the cybersecurity of supply chains is found throughout industry as organizations strive to protect their equipment and customers from cyber threats.

In this Perspective, RAND Corporation researchers lay out the considerations for securing election system supply chains against cyber threats and how the federal government can partner with state and local officials and the vendor community to understand where risk lies in the supply chain. The Perspective discusses how existing tools and approaches can be adapted and used to facilitate cyber supply chain risk management. It should be of interest to federal, state, and local election officials who will manage their relationships with the manufacturers of election equipment; to manufacturers that will, in turn, manage their relationships with their suppliers; and to those developing tools for mapping supply chains and assessing supply chain risk.

Research conducted by

This research was conducted within the Strategy, Policy and Operations Program of the RAND Homeland Security Research Division.

This report is part of the RAND Corporation perspective series. RAND perspectives present informed perspective on a timely topic that address the challenges facing the public and private sectors. All RAND perspectives undergo rigorous peer review to ensure high standards for research quality and objectivity.

Permission is given to duplicate this electronic document for personal use only, as long as it is unaltered and complete. Copies may not be duplicated for commercial purposes. Unauthorized posting of RAND PDFs to a non-RAND Web site is prohibited. RAND PDFs are protected under copyright law. For information on reprint and linking permissions, please visit the RAND Permissions page.

The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.